ComboFix 09-01-13.03 - John Doe 2009-01-13 23.06.58.1 - NTFSx86
Eseguito da: c:\documents and settings\John Doe\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((( Files Creati Da 2008-12-13 al 2009-01-13 )))))))))))))))))))))))))))))))))))
.
2009-01-12 19:20 . 2009-01-12 19:32 <DIR> d-------- c:\documents and settings\John Doe\.housecall6.6
2009-01-11 02:30 . 2009-01-11 12:28 <DIR> d-------- c:\programmi\Softwin
2009-01-11 02:30 . 2009-01-11 02:29 8,576 --a------ c:\windows\system32\drivers\ybbqgcebfoid.sys
2009-01-11 02:29 . 2009-01-11 02:29 <DIR> d-------- c:\documents and settings\John Doe\Pavark
2009-01-09 02:30 . 2009-01-09 02:30 <DIR> d-------- c:\programmi\File comuni\Apple
2009-01-09 02:29 . 2009-01-09 02:29 <DIR> d-------- c:\programmi\Apple Software Update
2009-01-09 02:29 . 2009-01-09 02:29 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Apple
2009-01-07 13:01 . 2009-01-07 13:03 <DIR> d--h----- c:\windows\msdownld.tmp
2009-01-07 12:33 . 2009-01-07 12:33 <DIR> d--hs---- c:\documents and settings\John Doe\PrivacIE
2009-01-02 19:18 . 2009-01-12 19:17 <DIR> d-------- c:\programmi\Trend Micro
2008-12-30 22:03 . 2008-12-30 22:03 <DIR> d-------- c:\documents and settings\John Doe\Dati applicazioni\HiYo
2008-12-26 12:17 . 2008-12-26 12:17 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-25 13:59 . 2008-12-25 13:59 <DIR> d-------- c:\windows\ie8updates
2008-12-25 13:34 . 2008-12-25 13:36 <DIR> d--h-c--- c:\windows\ie8
2008-12-25 12:30 . 2008-12-25 12:30 <DIR> d-------- c:\documents and settings\John Doe\Dati applicazioni\Windows Search
2008-12-25 11:55 . 2008-12-25 11:55 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-12-25 11:55 . 2008-12-25 11:55 <DIR> d-------- c:\programmi\Windows Desktop Search
2008-12-25 11:55 . 2008-12-25 11:55 <DIR> d-------- c:\documents and settings\John Doe\Dati applicazioni\Windows Desktop Search
2008-12-25 11:54 . 2008-03-07 18:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2008-12-25 11:54 . 2008-03-07 18:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2008-12-25 11:54 . 2008-03-07 18:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2008-12-25 11:54 . 2001-08-17 21:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2008-12-25 11:54 . 2001-08-17 21:57 16,128 --a--c--- c:\windows\system32\dllcache\modemcsa.sys
2008-12-25 11:53 . 2008-12-25 11:53 <DIR> d-------- c:\programmi\CONEXANT
2008-12-25 11:47 . 2008-12-25 11:47 <DIR> d-------- c:\programmi\Microsoft Silverlight
2008-12-22 04:10 . 2008-12-26 11:29 2,688 --a------ c:\windows\system32\settings.aaw
2008-12-22 04:10 . 2008-12-26 11:29 1,264 --a------ c:\windows\system32\history.aaw
2008-12-17 12:35 . 2008-12-17 12:35 <DIR> d-------- c:\documents and settings\John Doe\Dati applicazioni\Yahoo!
2008-12-16 17:04 . 2008-12-16 17:03 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-16 17:03 . 2008-12-16 17:03 <DIR> d-------- c:\programmi\Java
2008-12-15 15:08 . 2008-12-15 15:08 <DIR> d-------- c:\documents and settings\John Doe\Dati applicazioni\abelhadigital.com
2008-12-15 15:08 . 2008-12-15 15:08 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\abelhadigital.com
2008-12-14 21:55 . 2008-12-14 21:55 <DIR> d-------- c:\programmi\Bethesda Softworks
2008-12-14 21:55 . 2008-12-14 21:55 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Fallout3
2008-12-14 21:53 . 2008-12-14 21:53 <DIR> d-------- c:\windows\system32\xlive
2008-12-14 19:23 . 2008-12-14 19:23 <DIR> d-------- c:\programmi\Adobe Media Player
2008-12-14 19:22 . 2008-12-14 19:22 <DIR> d-------- c:\programmi\File comuni\Adobe AIR
2008-12-14 19:10 . 2008-12-16 17:16 <DIR> d-------- c:\windows\system32\Adobe
2008-12-14 03:05 . 2008-12-17 12:36 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2008-12-14 03:01 . 2008-12-14 03:01 2,015 -r-h----- c:\windows\system32\drivers\hosts
2008-12-14 03:00 . 2008-12-14 03:09 <DIR> d-------- c:\programmi\RogueRemover PRO
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 22:14 --------- d-----w c:\programmi\PeerGuardian2
2009-01-09 01:31 --------- d-----w c:\programmi\QuickTime Alternative
2009-01-09 01:30 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2009-01-08 11:00 --------- d-----w c:\documents and settings\John Doe\Dati applicazioni\uTorrent
2009-01-08 00:59 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-07 12:00 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-01 20:45 --------- d-----w c:\programmi\Total Video Converter
2009-01-01 15:25 --------- d-----w c:\programmi\Picasa2
2008-12-31 16:31 --------- d-----w c:\documents and settings\John Doe\Dati applicazioni\VSO
2008-12-16 15:44 --------- d-----w c:\programmi\SpeedBit Video Accelerator
2008-12-14 20:55 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-12 14:14 --------- d-----w c:\documents and settings\John Doe\Dati applicazioni\OpenOffice.org2
2008-12-12 11:58 --------- d-----w c:\programmi\NOS
2008-12-12 11:58 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NOS
2008-12-12 11:21 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-12 00:39 --------- d-----w c:\programmi\WarRock
2008-12-12 00:37 --------- d-----w c:\programmi\Windows Live Toolbar
2008-12-12 00:30 --------- d-----w c:\programmi\Windows Live
2008-12-12 00:28 --------- d-----w c:\programmi\Sports Interactive
2008-12-11 23:31 --------- d-----w c:\programmi\Lavasoft
2008-12-11 23:31 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-12-11 23:31 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-12-11 00:37 --------- d-----w c:\programmi\OpenAL
2008-12-09 13:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\LumaPix
2008-12-09 11:58 271,680 ----a-w c:\windows\FotoFusionV4 Uninstaller.exe
2008-12-09 11:34 --------- d-----w c:\documents and settings\John Doe\Dati applicazioni\LumaPix
2008-12-08 10:16 --------- d-----w c:\programmi\Plzensky_Prazdroj_World
2008-12-07 15:00 --------- d-----w c:\programmi\Yahoo!
2008-12-06 12:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\nView_Profiles
2008-12-01 18:45 --------- d-----w c:\programmi\THQ
2008-11-27 00:24 --------- d--h--w c:\programmi\Creative Installation Information
2008-11-27 00:24 --------- d-----w c:\programmi\Creative
2008-11-27 00:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Creative
2008-11-26 11:37 --------- d-----w c:\documents and settings\John Doe\Dati applicazioni\HDRsoft
2008-11-26 02:19 --------- d-----w c:\programmi\PhotomatixPro3
2008-11-25 01:11 --------- dc----w c:\documents and settings\All Users\Dati applicazioni\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-11-21 15:27 --------- d-----w c:\documents and settings\John Doe\Dati applicazioni\Uniblue
2008-11-21 15:26 --------- dc-h--w c:\documents and settings\All Users\Dati applicazioni\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-21 15:26 --------- d-----w c:\programmi\Uniblue
2008-11-16 23:23 --------- d-----w c:\programmi\CA Yahoo! Anti-Spy
2008-11-16 23:21 --------- d-----w c:\programmi\File comuni\Scanner
2008-09-25 13:48 7,645 ----a-w c:\documents and settings\John Doe\Dati applicazioni\arts.dat
2007-10-04 22:53 3,655,488 ----a-w c:\programmi\FLV PlayerRCATSetup.exe
2007-10-04 22:36 411,248 ----a-w c:\programmi\FLV PlayerRCSetup.exe
2007-09-19 09:46 120,286 -c--a-w c:\documents and settings\All Users\Dati applicazioni\firstlsp.reg.dat
2004-12-12 18:17 7,667 -c--a-w c:\programmi\releasenotes.txt
2004-12-12 18:04 1,069,056 -c--a-w c:\programmi\dat3.000
2004-12-10 20:55 39,532 -c--a-w c:\programmi\help.html
2004-12-10 20:45 987,136 ----a-w c:\programmi\dat2.000
2004-12-10 20:45 765,952 ----a-w c:\programmi\dat1.000
2004-12-10 20:44 90,112 ----a-w c:\programmi\hook_3DA.dll
2004-12-10 20:44 52,736 ----a-w c:\programmi\ForceDLL.dll
2002-07-23 22:31 9,813 -c--a-w c:\programmi\beta.txt
2002-02-04 21:00 311 -c--a-w c:\programmi\scroll.css
2002-08-29 07:41 401,462 ----a-w c:\programmi\mozilla firefox\components\msvcp60.dll
2002-08-29 07:41 323,072 ----a-w c:\programmi\mozilla firefox\components\msvcrt.dll
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2008-09-05 00:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008090520080906\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\programmi\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"RaidTool"="c:\programmi\VIA\RAID\raid_tool.exe" [2005-06-20 1056768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-01-05 61440]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2007-11-17 185896]
"QuickTime Task"="c:\programmi\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Windows Search.lnk - c:\programmi\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\l:\
0partizan\
0autocheck autochk *\
0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SpywareBotSrv"=2 (0x2)
"AVEService"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"AntiVirMailService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"g:\\WinPenPack\\winPenPack\\Bin\\Amsn\\bin\\wish.exe"=
"c:\\Programmi\\DAP\\DAP.exe"=
"c:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Programmi\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Programmi\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\TomTom HOME 2\\TomTomHOME.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\America's Army Deploy Client\\AADeployClient.exe"=
"c:\\Programmi\\America's Army\\System\\ArmyOps.exe"=
"c:\\Programmi\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Programmi\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Programmi\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Programmi\\Windows Defender\\MSASCui.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2006-01-12 116264]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-11-24 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-30 111184]
R3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys [2008-06-05 474368]
R3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\drivers\usbVM305.sys [2008-06-05 1466624]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-30 20560]
R4 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S1 pci32;Derkz864;\??\c:\windows\system32\drivers\pci32.sys
c:\windows\system32\drivers\pci32.sys
S3 b693CC;b693CC;c:\windows\system32\b693CC.sys [2007-11-16 185824]
S3 b6a3;b6a3;c:\windows\system32\b6a3.sys [2007-08-15 185824]
S3 FoxAwdWINFLASH;FoxAwdWINFLASH;c:\progra~1\FOXCONN\FOXLIV~1\FoxAwdWINFLASH.SYS [2008-01-24 14736]
S3 FXDrv32;FXDrv32;c:\progra~1\FOXCONN\FOXLIV~1\FXDrv32.sys [2008-01-24 23872]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2007-02-22 25773]
--- Other Services/Drivers In Memory ---
*Deregistered* - InCDrec
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\winPenPack.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72e9b194-4601-11dd-9105-00155817c715}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0d392c8-4a6d-11dc-99f3-000e500469d3}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-01-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-01-13 c:\windows\Tasks\User_Feed_Synchronization-{4198844B-D150-4001-AD76-0FFF2E776AD3}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
- - - - ORFÃOS REMOVIDOS - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Supplementare di scansione -------
.
uSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
TCP: {4A5E05D5-8207-42D7-B904-4C3D1F56EDE4} = 192.168.1.1
Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - c:\programmi\Trend Micro\TrendProtect\MSIE\WRS.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
c:\windows\Downloaded Program Files\CTSUEng.ocx - c:\windows\Downloaded Program Files\CTSUEngn.ocx
O16 -: {6C269571-C6D7-4818-BCA4-32A035E8C884}
hxxp://www.creative.com/softwareupdate/ ... TSUEng.cabc:\windows\Downloaded Program Files\CTSUEng.inf
FF - ProfilePath - c:\documents and settings\John Doe\Dati applicazioni\Mozilla\Firefox\Profiles\pg7w7ad7.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.com/igFF - plugin: c:\documents and settings\John Doe\Dati applicazioni\VideoEgg\Loader\4665\npvideoegg-loader.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10); user_pref(general.useragent.extra.zencast, Creative ZENcast v1.04.06);user_pref(yahoo.homepage.dontask, true); user_pref(general.useragent.extra.zencast, Creative ZENcast v2.01.01.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-01-13 23:12:31
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-789336058-602162358-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout]
"LangDB"="c:\\Programmi\\Sports Interactive\\Football Manager 2007\\data\\db\\700\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"LastUpdateCheck"=dword:00009a60
"HighQualityGUI"=dword:00000000
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"ShowHistory"=dword:00000001
"WindowState"=dword:00000000
"WindowHeight"=dword:000002c4
"WindowWidth"=dword:000003fc
"WindowLeft"=dword:00000005
"WindowTop"=dword:00000000
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
[HKEY_USERS\S-1-5-21-789336058-602162358-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Clubs]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000032
"Position4"=dword:00000004
"Visible4"=dword:00000001
"Width4"=dword:00000032
"Position5"=dword:00000005
"Visible5"=dword:00000001
"Width5"=dword:00000050
"Position6"=dword:00000006
"Visible6"=dword:00000001
"Width6"=dword:00000050
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000002d
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000001e
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000001e
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000001e
"Position13"=dword:0000000d
"Visible13"=dword:00000001
"Width13"=dword:0000003c
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000032
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:00000032
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000032
"Position17"=dword:00000011
"Visible17"=dword:00000001
"Width17"=dword:00000050
"Position18"=dword:00000012
"Visible18"=dword:00000001
"Width18"=dword:00000050
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
[HKEY_USERS\S-1-5-21-789336058-602162358-682003330-1003\Software\G*e*n*i*e*"!\FM Genie Scout\Columns\Players]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000037
"Position4"=dword:00000008
"Visible4"=dword:00000001
"Width4"=dword:00000023
"Position5"=dword:00000009
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:0000000a
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:0000000c
"Visible7"=dword:00000001
"Width7"=dword:0000004b
"Position8"=dword:0000000d
"Visible8"=dword:00000001
"Width8"=dword:0000004b
"Position9"=dword:0000000e
"Visible9"=dword:00000001
"Width9"=dword:00000050
"Position10"=dword:00000010
"Visible10"=dword:00000000
"Width10"=dword:00000050
"Position11"=dword:00000011
"Visible11"=dword:00000000
"Width11"=dword:0000004b
"Position12"=dword:00000012
"Visible12"=dword:00000000
"Width12"=dword:0000002d
"Position13"=dword:00000013
"Visible13"=dword:00000000
"Width13"=dword:0000003c
"Position14"=dword:00000014
"Visible14"=dword:00000000
"Width14"=dword:0000004b
"Position15"=dword:00000015
"Visible15"=dword:00000000
"Width15"=dword:00000064
"Position16"=dword:00000016
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000017
"Visible17"=dword:00000000
"Width17"=dword:0000004b
"Position18"=dword:00000018
"Visible18"=dword:00000000
"Width18"=dword:00000064
"Position19"=dword:00000019
"Visible19"=dword:00000000
"Width19"=dword:0000003c
"Position20"=dword:0000001a
"Visible20"=dword:00000000
"Width20"=dword:0000004b
"Position21"=dword:0000001b
"Visible21"=dword:00000000
"Width21"=dword:00000050
"Position22"=dword:0000001c
"Visible22"=dword:00000000
"Width22"=dword:00000073
"Position23"=dword:0000001d
"Visible23"=dword:00000000
"Width23"=dword:00000050
"Position24"=dword:0000001e
"Visible24"=dword:00000000
"Width24"=dword:0000005a
"Position25"=dword:0000001f
"Visible25"=dword:00000000
"Width25"=dword:0000006e
"Position26"=dword:00000020
"Visible26"=dword:00000000
"Width26"=dword:00000064
"Position27"=dword:00000021
"Visible27"=dword:00000000
"Width27"=dword:00000087
"Position28"=dword:00000022
"Visible28"=dword:00000000
"Width28"=dword:00000064
"Position29"=dword:00000023
"Visible29"=dword:00000000
"Width29"=dword:00000064
"Position30"=dword:00000024
"Visible30"=dword:00000000
"Width30"=dword:00000046
"Position31"=dword:00000025
"Visible31"=dword:00000000
"Width31"=dword:0000004b
"Position32"=dword:00000026
"Visible32"=dword:00000000
"Width32"=dword:00000046
"Position33"=dword:00000027
"Visible33"=dword:00000000
"Width33"=dword:0000004b
"Position34"=dword:00000028
"Visible34"=dword:00000000
"Width34"=dword:0000003c
"Position35"=dword:0000002a
"Visible35"=dword:00000000
"Width35"=dword:00000064
"Position36"=dword:0000002e
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000030
"Visible37"=dword:00000000
"Width37"=dword:0000005f
"Position38"=dword:00000033
"Visible38"=dword:00000000
"Width38"=dword:00000091
"Position39"=dword:00000035
"Visible39"=dword:00000000
"Width39"=dword:0000003c
"Position40"=dword:0000002c
"Visible40"=dword:00000000
"Width40"=dword:0000005a
"Position41"=dword:00000036
"Visible41"=dword:00000000
"Width41"=dword:00000041
"Position42"=dword:00000029
"Visible42"=dword:00000000
"Width42"=dword:00000050
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000055
"Position44"=dword:0000002d
"Visible44"=dword:00000000
"Width44"=dword:0000005f
"Position45"=dword:00000037
"Visible45"=dword:00000000
"Width45"=dword:00000050
"Position46"=dword:00000038
"Visible46"=dword:00000000
"Width46"=dword:0000004b
"Position47"=dword:00000039
"Visible47"=dword:00000000
"Width47"=dword:0000004b
"Position48"=dword:0000003a
"Visible48"=dword:00000000
"Width48"=dword:00000046
"Position49"=dword:0000003b
"Visible49"=dword:00000000
"Width49"=dword:00000032
"Position50"=dword:0000003c
"Visible50"=dword:00000000
"Width50"=dword:0000003c
"Position51"=dword:0000003d
"Visible51"=dword:00000000
"Width51"=dword:0000004b
"Position52"=dword:0000003e
"Visible52"=dword:00000000
"Width52"=dword:0000003c
"Position53"=dword:0000003f
"Visible53"=dword:00000000
"Width53"=dword:00000037
"Position54"=dword:00000040
"Visible54"=dword:00000000
"Width54"=dword:00000069
"Position55"=dword:00000041
"Visible55"=dword:00000000
"Width55"=dword:0000005a
"Position56"=dword:00000044
"Visible56"=dword:00000000
"Width56"=dword:0000004b
"Position57"=dword:00000045
"Visible57"=dword:00000000
"Width57"=dword:0000004b
"Position58"=dword:00000046
"Visible58"=dword:00000000
"Width58"=dword:00000037
"Position59"=dword:00000047
"Visible59"=dword:00000000
"Width59"=dword:0000003c
"Position60"=dword:00000048
"Visible60"=dword:00000000
"Width60"=dword:0000003c
"Position61"=dword:00000049
"Visible61"=dword:00000000
"Width61"=dword:00000041
"Position62"=dword:0000004a
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000004b
"Visible63"=dword:00000000
"Width63"=dword:0000003c
"Position64"=dword:0000004c
"Visible64"=dword:00000000
"Width64"=dword:0000003c
"Position65"=dword:0000004d
"Visible65"=dword:00000000
"Width65"=dword:0000004b
"Position66"=dword:0000004e
"Visible66"=dword:00000000
"Width66"=dword:0000003c
"Position67"=dword:0000004f
"Visible67"=dword:00000000
"Width67"=dword:00000046
"Position68"=dword:00000050
"Visible68"=dword:00000000
"Width68"=dword:00000028
"Position69"=dword:00000051
"Visible69"=dword:00000000
"Width69"=dword:00000041
"Position70"=dword:00000052
"Visible70"=dword:00000000
"Width70"=dword:0000003c
"Position71"=dword:00000053
"Visible71"=dword:00000000
"Width71"=dword:00000069
"Position72"=dword:00000054
"Visible72"=dword:00000000
"Width72"=dword:00000041
"Position73"=dword:00000055
"Visible73"=dword:00000000
"Width73"=dword:0000005f
"Position74"=dword:00000056
"Visible74"=dword:00000000
"Width74"=dword:0000003c
"Position75"=dword:00000057
"Visible75"=dword:00000000
"Width75"=dword:00000037
"Position76"=dword:00000058
"Visible76"=dword:00000000
"Width76"=dword:0000004b
"Position77"=dword:00000059
"Visible77"=dword:00000000
"Width77"=dword:00000050
"Position78"=dword:0000005a
"Visible78"=dword:00000000
"Width78"=dword:00000037
"Position79"=dword:0000005b
"Visible79"=dword:00000000
"Width79"=dword:00000037
"Position80"=dword:0000005c
"Visible80"=dword:00000000
"Width80"=dword:0000005a
"Position81"=dword:0000005d
"Visible81"=dword:00000000
"Width81"=dword:0000004b
"Position82"=dword:0000005e
"Visible82"=dword:00000000
"Width82"=dword:00000055
"Position83"=dword:0000005f
"Visible83"=dword:00000000
"Width83"=dword:0000002d
"Position84"=dword:00000060
"Visible84"=dword:00000000
"Width84"=dword:00000037
"Position85"=dword:00000061
"Visible85"=dword:00000000
"Width85"=dword:0000003c
"Position86"=dword:00000062
"Visible86"=dword:00000000
"Width86"=dword:00000046
"Position87"=dword:00000063
"Visible87"=dword:00000000
"Width87"=dword:0000003c
"Position88"=dword:00000064
"Visible88"=dword:00000000
"Width88"=dword:0000005a
"Position89"=dword:00000065
"Visible89"=dword:00000000
"Width89"=dword:0000003c
"Position90"=dword:00000066
"Visible90"=dword:00000000
"Width90"=dword:00000050
"Position91"=dword:00000067
"Visible91"=dword:00000000
"Width91"=dword:00000046
"Position92"=dword:00000068
"Visible92"=dword:00000000
"Width92"=dword:0000005a
"Position93"=dword:00000069
"Visible93"=dword:00000000
"Width93"=dword:00000037
"Position94"=dword:0000006a
"Visible94"=dword:00000000
"Width94"=dword:0000003c
"Position95"=dword:0000006b
"Visible95"=dword:00000000
"Width95"=dword:0000003c
"Position96"=dword:0000006c
"Visible96"=dword:00000000
"Width96"=dword:00000046
"Position97"=dword:0000006d
"Visible97"=dword:00000000
"Width97"=dword:00000046
"Position98"=dword:0000006e
"Visible98"=dword:00000000
"Width98"=dword:00000055
"Position99"=dword:0000006f
"Visible99"=dword:00000000
"Width99"=dword:00000073
"Position100"=dword:00000042
"Visible100"=dword:00000000
"Width100"=dword:00000041
"Position101"=dword:00000070
"Visible101"=dword:00000000
"Width101"=dword:0000003c
"Position102"=dword:00000071
"Visible102"=dword:00000000
"Width102"=dword:0000003c
"Position103"=dword:00000072
"Visible103"=dword:00000000
"Width103"=dword:00000046
"Position104"=dword:00000073
"Visible104"=dword:00000000
"Width104"=dword:0000003c
"Position105"=dword:00000074
"Visible105"=dword:00000000
"Width105"=dword:00000041
"Position106"=dword:0000000f
"Visible106"=dword:00000001
"Width106"=dword:00000050
"Position107"=dword:0000000b
"Visible107"=dword:00000001
"Width107"=dword:00000028
"Position108"=dword:00000043
"Visible108"=dword:00000000
"Width108"=dword:00000050
"Position109"=dword:0000002f
"Visible109"=dword:00000000
"Width109"=dword:00000050
"Position110"=dword:00000031
"Visible110"=dword:00000000
"Width110"=dword:00000055
"Position111"=dword:00000032
"Visible111"=dword:00000000
"Width111"=dword:00000082
"Position112"=dword:00000034
"Visible112"=dword:00000000
"Width112"=dword:00000087
"Position113"=dword:00000075
"Visible113"=dword:00000000
"Width113"=dword:00000050
"Position114"=dword:00000076
"Visible114"=dword:00000000
"Width114"=dword:00000050
"Position115"=dword:00000077
"Visible115"=dword:00000000
"Width115"=dword:00000050
"Position116"=dword:00000078
"Visible116"=dword:00000000
"Width116"=dword:00000050
"Position117"=dword:00000079
"Visible117"=dword:00000000
"Width117"=dword:00000050
"Position118"=dword:0000007a
"Visible118"=dword:00000000
"Width118"=dword:00000050
"Position119"=dword:0000007b
"Visible119"=dword:00000000
"Width119"=dword:00000050
"Position120"=dword:0000007c
"Visible120"=dword:00000000
"Width120"=dword:00000050
"Position121"=dword:0000007d
"Visible121"=dword:00000000
"Width121"=dword:00000050
"Position122"=dword:0000007e
"Visible122"=dword:00000000
"Width122"=dword:00000050
"Position123"=dword:0000007f
"Visible123"=dword:00000000
"Width123"=dword:00000050
"Position124"=dword:00000080
"Visible124"=dword:00000000
"Width124"=dword:00000050
"Position125"=dword:00000081
"Visible125"=dword:00000000
"Width125"=dword:00000050
"Position126"=dword:00000082
"Visible126"=dword:00000000
"Width126"=dword:00000050
"Position127"=dword:00000083
"Visible127"=dword:00000000
"Width127"=dword:00000050
"Position128"=dword:00000084
"Visible128"=dword:00000000
"Width128"=dword:00000050
"Position129"=dword:00000085
"Visible129"=dword:00000000
"Width129"=dword:00000050
"Position130"=dword:00000086
"Visible130"=dword:00000000
"Width130"=dword:00000050
"Position131"=dword:00000087
"Visible131"=dword:00000000
"Width131"=dword:00000050
"Position132"=dword:00000088
"Visible132"=dword:00000000
"Width132"=dword:00000050
"Position133"=dword:00000089
"Visible133"=dword:00000000
"Width133"=dword:00000050
"Position134"=dword:0000008a
"Visible134"=dword:00000000
"Width134"=dword:00000050
"Position135"=dword:0000008b
"Visible135"=dword:00000000
"Width135"=dword:00000050
"Position136"=dword:0000008c
"Visible136"=dword:00000000
"Width136"=dword:00000050
"Position137"=dword:0000008d
"Visible137"=dword:00000000
"Width137"=dword:00000050
"Position138"=dword:0000008e
"Visible138"=dword:00000000
"Width138"=dword:00000050
"Position139"=dword:0000008f
"Visible139"=dword:00000000
"Width139"=dword:00000050
"Position140"=dword:00000090
"Visible140"=dword:00000000
"Width140"=dword:00000050
"Position141"=dword:00000091
"Visible141"=dword:00000000
"Width141"=dword:00000050
"Position142"=dword:00000092
"Visible142"=dword:00000000
"Width142"=dword:00000050
"Position143"=dword:00000093
"Visible143"=dword:00000000
"Width143"=dword:00000050
"Position144"=dword:00000094
"Visible144"=dword:00000000
"Width144"=dword:00000050
"Position145"=dword:00000095
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000004
"Visible146"=dword:00000000
"Width146"=dword:00000037
"Position147"=dword:00000005
"Visible147"=dword:00000000
"Width147"=dword:00000028
"Position148"=dword:00000006
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000007
"Visible149"=dword:00000001
"Width149"=dword:00000028